Vulmon Recent Vulnerabilities Discussions Trends About Contact

Recent vulnerabilities and exploits

3.3
CVSSv2
CVE-2019-5108
An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3. An attacker could exploit this vulnerability by triggering AP to send IAPP location updates for stations before the required authentication process has completed. This could lead to...
LinuxLinux Kernel
NA
CVE-2019-18898
UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE SUSE Linux Enterprise Server 15 SP1 trousers...
NA
CVE-2019-19837
Incorrect access control in the web interface in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remote information disclosure of bin/web.conf via HTTP requests....
NA
CVE-2020-7210
Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts....
NA
CVE-2019-19835
SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote denial of service via the server attribute to the tools/_rcmdstat.jsp URI....
NA
CVE-2019-19363
Local Privilege Escalation in many Ricoh Printer Drivers for Windows. Pentagrid has been asked to manage the coordinated disclosure process for a vulnerability that affects several Windows printer drivers for a wide range of printers by the printer manufacture Ricoh. Due to...
NA
CVE-2020-5217
In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.8.0, 5.1.0, and 6.2.0. If user-supplied input was passed into append/override_content_security_policy_directives, a semicolon could be injected leading to directive...
NA
CVE-2020-5216
In Secure Headers (RubyGem secure_headers), a directive injection vulnerability is present in versions before 3.9.0, 5.2.0, and 6.3.0. If user-supplied input was passed into append/override_content_security_policy_directives, a newline could be injected leading to limited header...
NA
CVE-2020-5223
In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a persistent XSS attack is possible. Under certain conditions, a user provided attachment file name can inject HTML leading to a persistent Cross-site scripting (XSS) vulnerability. The vulnerability has been...
NA
CVE-2019-20399
A timing vulnerability in the Scalar::check_overflow function in Parity libsecp256k1-rs before 0.3.1 potentially allows an attacker to leak information via a side-channel attack....
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2019-18187CVE-2019-5706CVE-2019-19836CVE-2019-19841CVE-2020-0674CVE-2018-16262buffer overflows9ymemory leakserendipitybrute force